
CrowdStrike Global Meltdown


The Six Five team discusses CrowdStrike global meltdown.

If you are interested in watching the full episode you can check it out here.

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.

Transcript:

Patrick Moorhead: I mean, literally on X, literally 75% of all the content I saw this morning when I woke up at 6:00 A.M. was about it being down. Now, what’s interesting is it appears there are two independent things going on here. First of all, Microsoft had an apps outage, a lot less information on that, but a Microsoft executive did comment in the Wall Street Journal about it in fact being an issue, but the biggest of all issues is CrowdStrike. So CrowdStrike is a broad-based security company, and one of the things they do is they secure devices, and those devices include PCs and Macs. Apparently, what happened is a corrupted .sys file was automatically updated, and a .sys file, if you’re unfamiliar with Windows, is basically the core elements or the most important part. It’s about as low level as you can get and directly talks to the operating system.

What this did is it created a bunch of blue screens of death, lovingly referred to as BSODs, and it has taken down major airlines, railways, hospitals, financial institutions, even news. Sky News was down, apparently, and I saw just a ton of flights that were canceled in India, in Europe, and in Asia. So yeah, this is a freaking meltdown. New information is coming out, but my first question is, how does an enterprise do a global update on a .sys file without doing an air-gap test, and is that for deployment speed? I had a couple of people respond to me on X and say, “Listen, this is for zero days, where you have to be almost immediate.” That’s question number one.

And the second question I have, because many of these systems are still offline: modern enterprise Windows PCs have BIOS-based tools where, through a management console, the IT teams can do updates as long as they have access to the BIOS. As long as the BIOS is not corrupted, they can go in and do updates to files on the fly. In fact, they can even reboot systems remotely. So knowing that these PCs aren’t alive, it leads me to believe that, A, they don’t have this management capability in place and it’s likely they’re using older PCs. We saw this with a lot of the zero days where they were using Windows 98, Windows 8, actually, yeah, Windows 8, that did not have many of these software-based capabilities. Again, we’re going to get more information as it comes out. But my overall message here is you always have to have an OSHBT plan for when your first line of defense goes down. You need a way to very quickly get back to a known good state.

By the way, that’s not just for PCs, that’s for enterprise SaaS applications that get updated. Most enterprise SaaS application platforms have a major update that happens every month. Sometimes it happens every quarter when I look at the enterprise SaaS players, but you need a way to get back to a known good state, whether it’s a PC, a server, a router, whatever. It’s interesting, Dan, it really puts companies like Cohesity, as an example, and Commvault into play, who have these air-gapped capabilities for being able to get back to that known good state. We’ll be following this as it moves forward. Dan, what are your quick takes?

Daniel Newman: I mean, look, you and I would probably be the first to admit that we’re not cybersecurity experts. We have people that we employ on our teams that really focus on this. This seems to be somewhere at the crossover between the impact of CrowdStrike’s massive deployment, the number of endpoints and systems that it secures on a global basis, and the extraordinary impact that can be had from a small mistake made on the developer side, someone that’s pushing code out. To your point, we are always up against this immediacy of handling the threats. Again, for people out there in our community who aren’t really into security, the threat environment is so much more substantial than most people tend to understand: the number of threats, the speed at which threats are being created, and the risk that companies and enterprises have. We hear about companies, banks, healthcare systems, these data breaches; these are not companies that are unsophisticated or lack resources working on security. These are companies that are targeted daily, every minute, by nation states and bad actors.

Now, ironically, from what we understand, and again it’s early, the full news, the story will evolve and we’ll hear more about this, is that this wasn’t done by an attack. This wasn’t someone breaching or breaking CrowdStrike’s perimeter or shields or getting access to its device servers or some core application. This was a self-inflicted wound. So to your point, Pat, when that happens, it is really fascinating to me. Remember the old triangle? Was it speed, quality, and price, or whatever it is, pick any two?

Patrick Moorhead: Yeah, it’s a product management thing or at least that’s the way I always looked at it.

Daniel Newman: To the point of the people who spoke to you, it’s like, “Yeah, I get the point of speed over backup and double,” but really, as you are developing and pushing these next updates and code, you don’t have an environment to test something in very quickly just to make sure it doesn’t break anything? It seems to me like you’re going to find out that there was some error made that did not follow protocol or chain of command that created this breakdown, and the breakdown was substantial. To your point, look at how many things it broke. Pat, it’s incredible. I mean, it really is incredible that a mistake, losing access to all these endpoints, losing access to all these systems that one company secures, can literally take down industries. It can take down entire industries. I mean, literally, planes are not going up in the air right now. People are not able to check in for their flights, they’re not able to get access to their bank accounts. Broadcast companies like Sky aren’t even able to broadcast the news right now.

By the way, it’s taking hours to bring it back up. This also shows the complexity and the significance of our systems: even after we know it’s wrong and we work to push the fix, it’s not just flipping a switch. You and I have lived our lives resetting. Everything that breaks, you just reboot it. In this case, a reboot is not enough. This is fascinating. We’re going to keep following it. I think Will Townsend on your team-

Patrick Moorhead: Anshel Sag will be on the analysis too.

Daniel Newman: Anshel, Will, and then on our side, Shira Rubinoff and Krista Macomber lead our security. I’m going to be looking for them to post something more in-depth as to what happened from a security side, and then of course, our developer folks will talk about where developers potentially went wrong. Look for more notes out of our team over the next couple of days.

Author Information

Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.

From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.

A 7x best-selling author, including his most recent book “Human/Machine,” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.

An MBA and former graduate adjunct faculty member, Daniel is an Austin, Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.
